Tanvi Vyas <tvyas@mozilla.com> wrote: > On Aug 24, 2015, at 11:24 PM, Brian Smith <brian@briansmith.org> wrote: > > Neither "priming" nor u-i-r are secure against an active MitM so websites > cannot rely on them for security. Websites need to use https:// > subresource links to actually be secure. > > > How so? Neither priming or u-r-i has to make an HTTP request. The browser > makes an HTTP request only when priming fails. > The MitM can block the priming request/response. Cheers, Brian -- https://briansmith.org/Received on Tuesday, 25 August 2015 07:38:54 UTC
This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:14 UTC